The arrival of the HTML5 programming platform to the web community has enabled a fast-paced and dynamic experience for the interacting user. The programming platform combines application programming interfaces (API's) with dynamic content generation and presentation, thus enabling developers to incorporate increased features and capabilities into browser-based applications. For example, HTML5 allows developers to integrate active code into a webpage that is able to execute inside the browser of the client device.
Unfortunately, the dynamic nature of HTML5 has also introduced a number of security risks to the user. Because the programming platform allows developers to incorporate active code into a webpage, oftentimes the code may execute without the user's knowledge about the code. Some existing solutions allow the client device to validate the authenticity of the application. For example, some developers may use digital signatures to sign their developed software to allow the client device may validate the code upon downloading it. However, those solutions only provide authenticity verification of software delivered by particular developers or publishers, in a single-source and one-time fashion. Furthermore, such solutions do not provide dynamic verification of web service applications (e.g., HTML 5-based dynamic content creation and browser plug-ins) that are independent of the specific software vendor or service provider. As such, there are limited options available to users to ensure that a browser-based application is secure prior to downloading or executing the application.